Description
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
Remediation
References
https://snyk.io/vuln/SNYK-JS-POSTLOADER-2403737
Related Vulnerabilities
CVE-2020-8135 Vulnerability in npm package @uppy/companion
CVE-2019-10801 Vulnerability in npm package enpeem
CVE-2013-4152 Vulnerability in maven package org.springframework:spring-oxm
CVE-2020-7661 Vulnerability in npm package url-regex
CVE-2021-23439 Vulnerability in npm package file-upload-with-preview